AI-S

Request a Demo

Data Privacy

Current Version of the PRIVACY POLICY

for the website https://t-ais.com

Effective: May 11, 2026

 

1. Data Controller (Art. 4(7) GDPR)

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

 

Truma Gerätetechnik GmbH & Co. KG

Wernher-von-Braun-Straße 12

85640 Putzbrunn

Germany

 

Email (website/project contact): ai-s@truma.com

 

For data protection inquiries and to exercise your data subject rights (e.g., access, erasure, objection), please use the central data protection contact:

 

Email: privacy@truma.com

 

2. Data Protection Officer (Art. 37 GDPR)

Our Data Protection Officer is:

 

Alexander Bugl

Bugl & Kollegen GmbH

Sedanstraße 7

93055 Regensburg

Germany

 

Email: kontakt@buglundkollegen.de

 

  1. Scope / Target Audience

This Privacy Policy applies to the website:

 

Landing page

It does not apply to third-party websites to which we may link. For external offers, the privacy policies of the respective providers apply.

 

The website is primarily aimed at business customers (B2B). Regardless of the target audience, personal data may be processed when using the website.

 

4. Principles, Terms, and Legal Basis

4.1 Personal Data

Personal data is any information relating to an identified or identifiable natural person (Art. 4(1) GDPR). This includes, for example, name, email address, IP address, or online identifiers.

 

4.2 Legal Bases (Typical Cases on This Website)

We process personal data only if it is legally permissible. Depending on the processing, the following legal bases are particularly relevant:

 

  1. a) Art. 6(1)(f) GDPR (legitimate interest)

 

In particular for:

technical operation of the website,

IT security and fraud prevention,

error analysis and stability.

  1. b) Art. 6(1)(a) GDPR (Consent)

 

In particular for:

non-essential cookies and comparable technologies,

services classified as “Marketing” or “Statistics” in the consent banner,

integrations of external providers, if they are not strictly necessary.

  1. c) Art. 6(1)(b) GDPR (Contract / Pre-contractual Measures)

 

To the extent that processing is necessary to carry out (pre-)contractual measures at the request of the data subject (e.g., specific demo/project inquiries related to a quote).

 

4.3 Cookies and the TTDSG

Section 25 of the TTDSG applies to the storage of information on your device or access to information on your device:

 

Technically necessary cookies: Section 25(2) TTDSG (permitted without consent, provided strictly necessary).

Non-necessary cookies: Section 25(1) TTDSG (only with consent).

5. Hosting / Server Operation (Art. 28 GDPR)

5.1 Hosting Provider and Server Location

The website is hosted by:

 

5. HostPress GmbH (Germany).

5.1 The servers are located in Germany.

A contract for data processing has been concluded with the hosting provider in accordance with Art. 28 GDPR. The following are employed as sub-processors (according to current documentation):

Hetzner Online GmbH

Krämer IT Solutions GmbH

5.2 Server Log Files

For technical reasons, data is automatically processed and stored in server log files every time the website is accessed. In particular, the following data may be collected:

IP address

Date and time of access

URL accessed

Purposes:

Delivery and operation of the website,

Ensuring system security,

Detection/defense against attacks,

Error analysis/performance optimization.

Legal basis:

Art. 6(1)(f) GDPR (legitimate interest in secure and stable operation).

Retention period:

Maximum 30 days, followed by deletion/overwriting, unless there are specific reasons in individual cases that prevent this (e.g., security incident analysis).

Recipients/Access:

Access is restricted to authorized administrators and individuals who require this data to fulfill the stated purposes (need-to-know principle).

6. WordPress Features: Comments, User Accounts, Password Reset, Media

6.1 Comments

When visitors leave comments on the website, we collect:

 

– the data displayed in the comment form,

 

– the visitor’s IP address,

 

– the browser’s user-agent string.

 

This processing is used to display comments and to detect and prevent spam.

 

Legal basis:

 

Art. 6(1)(f) GDPR (legitimate interest in functionality and prevention of misuse).

 

6.2 Gravatar

An anonymized string (hash) may be generated from your email address and transmitted to the Gravatar service (Automattic) to check whether you use Gravatar. The Gravatar service’s privacy policy can be found here:

 

Privacy Policy

Once your comment has been published, your profile picture will be publicly visible in the context of your comment.

 

Legal basis:

 

Art. 6(1)(f) GDPR (legitimate interest in the convenient display of profile pictures).

 

Note regarding third countries:

 

When using Gravatar, processing outside the EU/EEA cannot be ruled out (see Section 12).

 

6.3 Media (Uploads) / EXIF Data

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF-GPS). Website visitors can download images and extract location data from them.

 

Legal basis:

 

Art. 6(1)(f) GDPR (operation and provision of the feature), or Art. 6(1)(b) GDPR if uploads occur as part of a specific service or contractual process.

 

6.4 User Accounts / Profiles

For users who register on our website, we also store the personal data they provide in their user profiles. All users can view, modify, or delete their personal information at any time (the username cannot be changed). Website administrators can also view and modify this information.

 

Legal bases:

 

Art. 6(1)(f) GDPR (operation/administration of the website),

Art. 6(1)(b) GDPR, provided that an account is required in connection with a (pre-)contractual relationship.

Retention period:

 

User profiles are stored for as long as the user account exists or for as long as the data is required for the purpose of account management. (See also Section 10.)

 

6.5 Password Reset

If you request a password reset, your IP address will be included in the reset email.

 

Purpose:

 

Security and prevention of misuse.

 

Legal basis:

 

Art. 6(1)(f) GDPR (IT security).

 

7. Embedded content from other websites

Posts on this website may contain embedded content (e.g., videos, images, posts, etc.). Embedded content from other websites behaves exactly as if the visitor had visited the other website.

 

These websites may collect data about you, use cookies, embed additional third-party tracking services, and record your interaction with this embedded content, including your interaction with the embedded content if you have an account and are logged in to that website.

 

Legal basis / Control:

 

Unless embedded content is strictly necessary, it is generally loaded only after consent is given via the consent banner (see Sections 8 and 9), provided this is technically implemented.

 

8. Cookies / Similar Technologies – General

8.1 What Are Cookies?

Cookies are small text files that are stored on your computer or mobile device when you visit websites. Cookies may be necessary for the website to function properly, or they may enable additional features, statistics, or marketing.

 

8.2 Cookie Categories

In accordance with the consent tool used on the website and the cookie policy, we distinguish between the following categories in particular:

 

Functional/technically necessary cookies

Statistical cookies (anonymized where applicable)

Marketing/tracking cookies

8.3 Consent

When you visit our website for the first time, we display a pop-up with an explanation of cookies. As soon as you click “Save settings,” you consent to our use of the categories of cookies and plug-ins you selected in the pop-up, as described in the cookie policy. You can disable the use of cookies via your browser; please note that our website may then no longer function properly.

 

8.4 Management / Withdrawal

You can change or withdraw your consent at any time via the cookie settings (consent banner/link). The withdrawal takes effect for the future.

9. Cookies / Services Used (Current status according to the Cookie Policy on t-ais.com)

Note:

 

The following overview is based on the Cookie Policy currently published on the website. The most up-to-date Cookie Overview in the consent banner or in the Cookie Policy always takes precedence.

 

9.1 Pagebuilder (Various) – Category: Functional

Purpose: Website design / provision of a responsive website.

 

Sharing of data: According to the Cookie Policy, no data is shared with third parties.

 

Functional cookies (persistent):

 

– tTE

 

– tMQ

 

– tnsApp

 

– tADu

 

– tTDu

 

– t3D

 

– tPL

 

– tTDe

 

– tTf

 

– tADe

 

– tC

 

– tAE

 

Function: “Provide a responsive website.”

 

Legal basis:

 

  • 25(2) TTDSG (technically necessary),

Art. 6(1)(f) GDPR (operation/usability).

9.2 Elementor – Category: Statistics (anonymous)

Purpose: Content creation; storage of actions performed on the website.

 

Cookie:

 

– elementor (persistent)

 

Legal basis:

 

– § 25(1) TTDSG in conjunction with Art. 6(1)(a) GDPR, provided that it is listed in the consent banner as statistics requiring consent.

 

(If the service is actually operated completely anonymously without any personal references, Art. 6(1)(f) GDPR may apply; the respective configuration and classification in the banner is decisive.)

 

9.3 WordPress – Category: Functional

Purpose: Website development/operation; user preferences; cookie test; login status.

 

Sharing of data: According to the cookie policy, no data is shared with third parties.

 

Cookies:

 

– WP_PREFERENCES_USER_* (persistent) – Store user preferences

 

– wpEmojiSettingsSupports (session) – Store browser details

 

– wp-settings-* (persistent) – Store user preferences

 

– wordpress_test_cookie (session) – Check if cookies can be placed

 

– wordpress_logged_in_* (persistent) – Store logged-in users

 

Legal basis:

 

– Section 25(2) TTDSG,

 

– Art. 6(1)(f) GDPR.

 

9.4 Google Fonts – Category: Marketing

Purpose: Display of web fonts.

 

Technology: Google Fonts API (not a traditional cookie; external retrieval).

 

Function according to cookie policy: “Request the user’s IP address.”

 

Legal basis:

 

– Section 25(1) TTDSG and Art. 6(1)(a) GDPR (consent), as classified as “marketing.”

 

Third countries/transfers:

 

Google states that data may be processed globally and cites, among other things, the EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses (SCC) for data transfers. [1](https://policies.google.com/privacy/frameworks?hl=en-US)

 

9.5 Google reCAPTCHA – Category: Marketing

Purpose: Spam prevention.

 

Cookies:

 

– rc::c (session) – Read and filter requests from bots

 

– rc::b (session) – Read and filter requests from bots

 

– rc::a (persistent) – Read and filter requests from bots

 

Legal basis:

 

– Section 25(1) TTDSG and Article 6(1)(a) GDPR (consent), as classified as “marketing.”

 

Third countries/transfers:

 

As a Google service, processing outside the EU/EEA cannot be ruled out; Google cites mechanisms such as DPF/SCC, among others. [1](https://policies.google.com/privacy/frameworks?hl=en-US)

 

9.6 Google Maps – Category: Marketing

Purpose: Maps display.

 

Technology: Google Maps API (not a traditional cookie; external retrieval).

 

Function according to cookie policy: “Request the user’s IP address.”

 

Legal basis:

 

– Section 25(1) TTDSG and Article 6(1)(a) GDPR (consent), as classified as “marketing.”

 

Third countries/transfers:

 

Google cites DPF/SCC, among others, for data transfers; for the Google Maps Platform, there is also information regarding the incorporation of the EU Standard Contractual Clauses. [1](https://policies.google.com/privacy/frameworks?hl=en-US)[2](https://mapsplatform.google.com/resources/trust-center/eu-standard-contractual-clauses/)

9.7 Complianz – Category: Functional

Purpose: Cookie consent management.

 

Data sharing: According to the cookie policy, no data is shared with third parties (additional information in the Complianz guidelines).

 

Cookies:

 

– cmplz_functional (365 days) – Stores cookie consent settings

 

– cmplz_preferences (365 days) – Stores cookie consent settings

 

– cmplz_marketing (365 days) – Stores cookie consent settings

 

– cmplz_consented_services (365 days) – Store cookie consent settings

 

– cmplz_banner-status (365 days) – Store whether the cookie banner has been dismissed

 

Proof of Consent (“Records of Consent”):

 

Complianz describes the ability to log consent decisions pseudonymously (e.g., consent ID, categories, timestamps, anonymized IP/region) – depending on the activated functionality/configuration. [3](https://complianz.io/records-of-consent/)[4](https://wordpress.org/plugins/complianz-gdpr/)

 

Legal basis:

 

– Section 25(2) TTDSG (technically necessary for storing the consent selection),

 

– Art. 6(1)(f) GDPR (legitimate interest in compliance/consent management).

 

9.8 Wordfence – Category: Functional

Purpose: Website security.

 

Cookie:

 

– wfwaf-authcookie* (1 day) – Used to determine if the user is logged in

 

Legal basis:

 

– Section 25(2) TTDSG,

 

– Art. 6(1)(f) GDPR (IT security, prevention of misuse).

 

Third countries/transfers:

 

Wordfence/Defiant states that, depending on the service/setup, personal data may also be stored or processed outside the EU/UK and cites standard contractual clauses, among other things, as a protective mechanism. [5](https://www.wordfence.com/privacy-policy/)

 

9.9 Miscellaneous – Cookies currently under review

The cookie policy also lists cookies whose assignment/purpose is currently still under investigation (“Subject to investigation”), including:

– NavigationWidth

– e_my_templates_source

– e_wp

– image-optimizer-not-connected-modal

– e_event-tracker

 

– fslightbox-scrollbar-width

 

– elementor_sidebar_menu_expanded_v2_elementor-system

 

– e_kit-elements-defaults

 

– image-optimization-trial-end-close-time

 

– Console

 

– wp-settings-time-1

 

– __mp_opt_in_out_*

 

– elementor_sidebar_menu_expanded_v2_elementor-custom-elements

 

– WP_DATA_USER_2

 

Policy:

 

These cookies are continuously reviewed and, once the analysis in the consent banner is complete (category, purpose, duration, provider), are correctly classified and transparently described. Until then, the information provided in the cookie policy on the website applies.

 

10. How long we store your data (retention period)

10.1 Comments

When you post a comment, it is stored indefinitely, including metadata. This allows us to automatically recognize and approve follow-up comments instead of holding them in a moderation queue.

 

10.2 User Profiles

For users who register on the website, we store the personal data provided in the user profile. The data is stored for as long as the user account exists. Users can view, change, or delete their data at any time (username cannot be changed). Administrators can view and modify profiles.

 

10.3 Password Reset

For password reset requests, the IP address will be included in the reset email. Any further retention is determined by technical system processes (for security purposes).

 

10.4 Server Log Files

Maximum 30 days (see Section 5.2).

 

10.5 Cookies / Consent

The storage period for individual cookies is specified in the cookie policy (e.g., Complianz cookies: 365 days; Wordfence wfwaf-authcookie: 1 day; WordPress/Elementor: varies by cookie). The cookie list in the consent banner is authoritative.

11. Who we share your data with / Recipients

Depending on your usage and the services you have activated, data may be processed by or transferred to:

 

 Hosting providers (HostPress GmbH) and sub-processors (e.g., Hetzner, Krämer IT) for the purpose of providing the website.

Wordfence/Defiant for website security (see the Cookies/Services section).

Google when using Google Fonts, Google Maps, and Google reCAPTCHA (upon consent), provided that the services are enabled in the banner.

Automattic/Gravatar (for comments and use of the Gravatar verification).

Internal recipients (authorized employees), to the extent necessary for administration, security, or processing of inquiries.

  1. Where Your Data Is Sent / Transfers to Third Countries (Art. 44 et seq. GDPR)

Hosting takes place in Germany. However, due to the integration of external services, processing outside the EU/EEA cannot be ruled out, particularly in the case of:

 

Google services (Fonts, Maps, reCAPTCHA): Google describes global processing and cites, among other things, the EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses (SCC) as mechanisms for data transfers. [1](https://policies.google.com/privacy/frameworks?hl=en-US) [2](https://mapsplatform.google.com/resources/trust-center/eu-standard-contractual-clauses/)

Wordfence/Defiant: Wordfence describes possible processing outside the EU/UK and refers to appropriate transfer mechanisms (e.g., SCC). [5](https://www.wordfence.com/privacy-policy/)

Gravatar/Automattic: Depending on usage/infrastructure, processing outside the EU/EEA cannot be ruled out.

If transfers to third countries take place, we ensure that the requirements of Art. 44 et seq. GDPR are met (e.g., adequacy decision such as DPF, standard contractual clauses, additional measures if necessary). [1](https://policies.google.com/privacy/frameworks?hl=en-US)[5](https://www.wordfence.com/privacy-policy/)

13. What rights you have regarding your data (data subject rights)

If you have an account on this website or have posted comments, you can request an export of your personal data from us, including all data you have provided to us. In addition, you can request the deletion of all personal data we have stored about you. This does not include data that we are required to retain for administrative, legal, or security purposes.

 

Rights at a Glance (Art. 15–22 GDPR):

 

Access (Art. 15 GDPR)

Rectification (Art. 16 GDPR)

Erasure (Art. 17 GDPR)

Restriction of Processing (Art. 18 GDPR)

Data portability (Art. 20 GDPR)

Objection (Art. 21 GDPR)

Withdrawal of consent (Art. 7(3) GDPR)

Exercising your rights:

 

Please contact us at privacy@truma.com

 

Identity verification:

 

We review requests in accordance with our internal SOP. We regularly verify the communication channel (e.g., email address). In cases of reasonable doubt, additional proof may be required.

 

14. Data Security

We protect personal data through appropriate technical and organizational measures (TOM), in particular:

 

TLS/SSL encryption of data transmission,

Access restrictions (need-to-know),

Security measures for attack detection and defense (e.g., Wordfence),

Maintenance of systems and plugins through updates/patches,

Backups in accordance with internal guidelines.

Please note that, despite all measures taken, complete security during data transmission over the Internet cannot be guaranteed.

 

15. Automated Decision-Making / Profiling

We do not engage in automated decision-making with legal effects within the meaning of Article 22 of the GDPR. We do not conduct profiling in the sense of an automated evaluation of personal aspects. (Note: Security/bot defense services may perform technical checks to prevent abuse, e.g., with reCAPTCHA.)

 

16. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for the controller in Bavaria is:

 

The Bavarian State Commissioner for Data Protection (BayLfD)

 

17. Changes to this Privacy Policy

We update this Privacy Policy if the website, the services used, or legal requirements change. The effective date at the beginning of this Privacy Policy is decisive.